Detections
Analytics
AS24-U2-000380 - The Apache web server must perform RFC 5280-compliant certification path validation.
Information
A certificate's certification path is the path from the end entity certificate to a trusted root certification authority (CA). Certification path validation is necessary for a relying party to make an informed decision regarding acceptance of an end entity certificate. Certification path validation includes checks such as certificate issuer trust, time validity, and revocation status for each certificate in the certification path. Revocation status information for CA and subject certificates in a certification path is commonly provided via certificate revocation lists (CRLs) or online certificate status protocol (OCSP) responses.NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.
Solution
Configure the Apache server to validate certificates in accordance with RFC 5280.See Also
https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Apache_Server_2-4_Unix_Y25M04_STIG.zip
Item Details
Audit Name: DISA STIG Apache Server 2.4 Unix Site v2r6
Category: IDENTIFICATION AND AUTHENTICATION
References: 800-53|IA-5(2)(a), CAT|II, CCI|CCI-000185, Rule-ID|SV-214286r1051289_rule, STIG-ID|AS24-U2-000380, STIG-Legacy|SV-102873, STIG-Legacy|V-92785, Vuln-ID|V-214286
Plugin: Unix
Control ID: f1e9c499cf22a21fa35befa395f4bc8864ac485f4c30c856a55a8c813f52ef7f